DETAILED ACTION
Response to Amendment 

This action is responsive to Amendment filed 11 January 2006 in which no claim has been
amended, canceled or added. 

Status of Claims 

Claims 1-18 have been examined. 

Response to Arguments 

Applicant's arguments with respect to claims 1-18 have been considered but are moot in view of
the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. §102 that form the basis 
for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a 
printed publication in this or a foreign country, before the invention thereof by the applicant for a 
patent 

Claims 1-18 are rejected under 35 U.S.C. §102(a) as being anticipated by U.S. Patent Application
Publication No. 2003/0033528 A1 published 13 February 2003 to Ozog et al.

As per claim 1, Ozog et al. disclose a system comprising:

• a terminal capable of communicating at least one of within and across at least one network, 
wherein the terminal is included within an organization including a plurality of terminals, at least 
one terminal having at least one characteristic and being at least one of a plurality of positions 
within the organization (i.e., computing platform(s) - para. [0027]); 

• a secondary certification authority (CA) (i.e., the certificate authority of the Issuer/Grantor's 
company, the Telecommunication Service Provider V, or public authority such as Mandate 
Authority 410, 510 - para. [0065], figures 4, 5) capable of providing at least one role certificate to 
the terminal based upon the at least one position of the terminal within the organization, wherein 
the organization includes a plurality of secondary CA's capable of issuing at least one role
certificate to respective groups of terminals of the organization (i.e., the Issuer/Grantor Certified
Reference being a role certificate - para. [0041-0042, 0054, 0110]);

• a tertiary CA (i.e., Issuer/Grantor B Virtual Certificate Authority VCA(B) - para. [0062, 0065]) 
capable of providing at least one permission certificate to the terminal based upon the at least 
one characteristic of the terminal that is located at a position within the organization, wherein the 
organization includes a plurality of tertiary CA's capable of issuing at least one permission 
certificate to respective sub-groups of terminals of the organization (i.e., Mandate being a 
permission certificate - para. [0032, 0033, 0043, 0066]); and 

• a server (i.e., a computer system owned by third-party or service provider V - para. [0110]) 
capable of authenticating the terminal based upon an identity certificate (i.e., public key certificate 
from certificate authority CA(X), authenticity certificate 512, as being identity certificate - para. 
[0063, 0074]), the at least one role certificate (i.e., VCA(B) certificate being role certificate - para. 
[0067-0068]) and the at least one permission certificate (i.e., Mandate being permission certificate 
- para. [0033, 0071]) of the terminal to thereby determine whether to grant the terminal access to 
at least one resource of the server (para. [0072-0079, 0106]). 

As per claims 2, 3, 8 and 9, Ozog et al. disclose a system/method of claims 1 and 7,
respectively, wherein the terminal comprises a terminal included within an organization comprising a 
customer base of a cellular service provider that includes a plurality of terminals, each terminal being at 
one of a plurality of positions comprising a plurality of 'service plans'/services offered by the cellular 
network operator, and wherein at least one terminal has at least one characteristic comprising at least 
one optional service offered by the cellular network operator [0080, 0105-0107]. 

As per claims 4 and 10, Ozog et al. disclose a system/method of claims 1 and 7, respectively,
wherein the tertiary CA is capable of providing at least one permission certificate each having an 
associated validity time no greater than a validity time of the at least one role certificate provided by the 
secondary CA, and no greater than a validity time of the identity certificate [0044, 0057, 0075-0077, 
0106]. 

As per claims 5 and 11, Ozog et al. disclose a system/method of claims 4 and 10, respectively,
wherein the server is capable of authenticating the terminal based upon the validity times of the identity
certificate, at least one role certificate and at least one permission certificate of the respective terminal
[0075-0079, 0106].

As per claims 6 and 12, Ozog et al. disclose a system/method of claims 1 and 7, respectively,
wherein the terminal is capable of requesting access to at least one resource of a server before the 
server authenticates the terminal (para. [0071, 0072, 0099]), and wherein the server is capable of 
granting access to the at least one resource if the terminal is authenticated (para. [0079]). 

As per claim 7, Ozog et al. disclose a method of authenticating a terminal comprising:

• providing a terminal capable of communicating at least one of within and across at least one 
network, wherein the terminal is included within an organization including a plurality of terminals, 
at least one terminal having at least one characteristic and being at least one of a plurality of 
positions within the organization (i.e., computing platform(s) - para. [0027]);

• providing at least one role certificate to the terminal from a secondary certification authority (CA) 
based upon the at least one position of the terminal within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role certificate 
to respective groups of terminals of the organization (i.e., the Issuer/Grantor Certified Reference 
being a role certificate - para. [0041-0042, 0054, 0110], is provided by a certificate authority of
the Issuer/Grantor's company, the Telecommunication Service Provider V, or public authority 
such as Mandate Authority 410, 510 - para. [0065], figures 4, 5); 

• providing at least one permission certificate to the terminal from a tertiary CA based upon the at 
least one characteristic of the terminal located at a position within the organization, wherein the 
organization includes a plurality of tertiary CA's capable of issuing at least one permission 
certificate to respective sub-groups of terminals of the organization (i.e., Mandate being a 
permission certificate - para. [0032, 0033, 0043, 0066] is provided by issuer/Grantor B Virtual 
Certificate Authority VCA(B) - para. [0062, 0065]); and 

• authenticating the terminal at a server based upon an identity certificate, the at least one role
certificate and the at least one permission certificate of the terminal to thereby determine whether 
to grant the terminal access to at least one resource of the server (para. [0072-0079, 0106]). 

As per claim 13, Ozog et al. disclose a terminal included within an organization including a
plurality of terminals, each terminal having at least one characteristic and being at least one of a plurality 
of positions within the organization, the terminal comprising: 

• a controller capable of communicating at least one of within and across at least one network, 
wherein the controller is capable of obtaining at least one role certificate from a secondary
certification authority (CA) based upon the at least one position of the terminal within the 
organization and at least one permission certificate from a tertiary CA based upon the at least 
one characteristic of the terminal that is located at a position within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role certificate 
to respective groups of terminals of the organization, and wherein the organization includes a 
plurality of tertiary CA's capable of issuing at least one permission certificate to respective sub- 
groups of terminals of the organization (i.e., a controller is inherently included in computing 
platforms of para. [0027] obtaining an Issuer/Grantor Certified Reference {a role certificate} - 
para. [0041-0042, 0054, 0110] from a certificate authority of the Issuer/Grantor's company, the
Telecommunication Service Provider V, or public authority such as Mandate Authority 410, 510 
{secondary certificate authority} - para. [0065], figures 4, 5; and obtaining a Mandate {permission 
certificate} - para. [0032, 0033, 0043, 0066] from Issuer/Grantor B Virtual Certificate Authority 
VCA(B) {tertiary CA} - para. [0062, 0065]); and 

• a memory capable of storing an identity certificate, at least one role certificate and at least one 
permission certificate [0056], 

• wherein the controller is also capable of communicating with a server (i.e., the controller of the 
terminal/'computing platform' requesting access to a controlled resource on the third-party, or
Telecommunication Service Provider V - para. [0071, 0072, 0099]) such that the server is
capable of authenticating the terminal based upon the identity certificate, the at least one role
certificate and the at least one permission certificate of the terminal to thereby determine whether
to grant the terminal access to at least one resource of the server (para. [0072-0079, 0106]).

As per claim 14, Ozog et al. disclose a terminal of claim 13, wherein the controller is capable of
obtaining at least one role certificate from a secondary CA capable of issuing at least one role certificate 
to each terminal of the organization comprising a customer base of a cellular service provider that 
includes a plurality of terminals, each terminal being at one of a plurality of positions comprising a plurality 
of service plans offered by the cellular network operator, and wherein the controller is capable of 
obtaining at least one permission certificate based upon at least one characteristic comprising at least 
one optional service offered by the cellular network operator (i.e., a controller is inherently included in 
computing platforms of para. [0027] obtaining an Issuer/Grantor Certified Reference {a role certificate} - 
para. [0041-0042, 0054, 0110] from a certificate authority of the Issuer/Grantor's company, the
Telecommunication Service Provider V, or public authority such as Mandate Authority 410, 510 
{secondary certificate authority} - para. [0065], figures 4, 5; and obtaining a Mandate {permission 
certificate} - para. [0032, 0033, 0043, 0066] from Issuer/Grantor B Virtual Certificate Authority VCA(B) 
{tertiary CA} - para. [0062, 0065]). 

As per claim 15, Ozog et al. disclose a terminal of claim 13, wherein the controller is capable of
obtaining at least one role certificate from a secondary CA capable of issuing at least one role certificate 
to each terminal of the organization comprising a customer base of a cellular service provider that 
includes a plurality of terminals, each terminal being at least one of a plurality of positions comprising a 
plurality of services offered by the cellular network operator, and wherein the controller is capable of 
obtaining at least one permission certificate based upon at least one characteristic comprising at least 
one optional service offered by the cellular network operator (i.e., a controller is inherently included in 
computing platforms of para. [0027] obtaining an Issuer/Grantor Certified Reference {a role certificate} - 
para. [0041-0042, 0054, 0110] from a certificate authority of the Issuer/Grantor's company, the
Telecommunication Service Provider V, or public authority such as Mandate Authority 410, 510
{secondary certificate authority} - para. [0065], figures 4, 5; and obtaining a Mandate {permission
certificate} - para. [0032, 0033, 0043, 0066] from Issuer/Grantor B Virtual Certificate Authority VCA(B)
{tertiary CA} - para. [0062, 0065]). 

As per claim 16, Ozog et al. disclose a terminal of claim 13, wherein the controller is capable of
obtaining at least one permission certificate each having an associated validity time no greater than a 
validity time of the at least one role certificate obtained by the controller, and no greater than a validity 
time of the identity certificate [0044, 0057, 0075-0077, 0106]. 

As per claim 17, Ozog et al. disclose a terminal of claim 16, wherein the controller is also capable
of communicating with a server (para. [0071, 0072, 0099]) such that the server is capable of
authenticating the terminal based upon the validity times of the identity certificate, at least one role 
certificate and at least one permission certificate of the respective terminal (para. [0075-0079, 0106]). 

As per claim 18, Ozog et al. disclose a terminal of claim 13, wherein the controller is capable of
requesting access to at least one resource of a server before the server authenticates the terminal (para.
[0071, 0072, 0099]) such that the server is capable of granting access to the at least one resource if the
terminal is authenticated (para. [0079]). 

Conclusion 

Examiner has pointed out particular references contained in the prior arts of record in the body of 
this action for the convenience of the applicant. Although the specified citations are representative of the 
teachings in the art and are applied to the specific limitations within the individual claim, other passages 
and figures may apply as well. It is respectfully requested from the applicant, in preparing the response, 
to consider fully the entire references as potentially teaching all or part of the claimed invention, as well as 
the context of the passage as taught by the prior arts or disclosed by the examiner. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to NANCY LOAN T. LE whose telephone number is (571) 272-7066. The examiner can 
normally be reached on Monday-Thursday, 7am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JAMES P. TRAMMELL can be reached on (571) 272-6712. For official/regular communication, the
fax number for the organization where this application or proceeding is assigned is (571) 273-8300. For
informal/draft communication, the fax number is (571) 273-7066 (Rightfax). 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . 
Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to:

Commissioner of Patents and Trademarks
P.O. Box 1450
Alexandria, VA 22313-1450

Hand-delivered responses should be brought to:

United States Patent and Trademark Office
Customer Service Window
Randolph Building
401 Dulany Street
Alexandria, VA 22314

NL

14 April 2006




